wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes from regression testing.

Browse Source 
Fix random prime generation for big endian to set low bits after
shifting top word.
Allow SP_MATH to be built without RSA, DH and ECC - needed for PKCS#12.
Add DH 2048 bit parameters to cert_test.c for test.c when NO_ASN and
WOLFSSL_SP_MATH.
This commit is contained in:
Sean Parkinson
2022-12-16 14:43:29 +10:00
parent b2d25ece98
commit 45e3c721b3
4 changed files with 83 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
configure.ac
View File

@ -3907,7 +3907,7 @@ then
fi
# No Big Int (ASN, DSA, RSA, DH and ECC need bigint)
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = no && \
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
test "$ENABLED_RSA" = "no"
then
@ -6727,6 +6727,7 @@ do
esac
done
ENABLED_SP_LINE="$ENABLE_SP"
ENABLED_SP=no
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
ENABLED_SP=yes
@ -6796,7 +6797,15 @@ fi
if test "$ENABLED_SP_MATH" = "yes"; then
if test "$ENABLED_SP" = "no"; then
AC_MSG_ERROR([Must have SP enabled with SP math: --enable-sp])
if test "$ENABLED_RSA" != "no"; then
AC_MSG_ERROR([Must have SP enabled with SP math for RSA: --enable-sp])
fi
if test "$ENABLED_DH" != "no"; then
AC_MSG_ERROR([Must have SP enabled with SP math for DH: --enable-sp])
fi
if test "$ENABLED_ECC" != "no"; then
AC_MSG_ERROR([Must have SP enabled with SP math for ECC: --enable-sp])
fi
fi
if test "$ENABLED_ECCCUSTCURVES" != "no"; then
AC_MSG_ERROR([Cannot use single precision math and custom curves])

62
wolfcrypt/src/sp_int.c
View File

@ -4706,7 +4706,8 @@ void sp_free(sp_int* a)
}
}
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
!defined(NO_DH) || defined(HAVE_ECC)
/* Grow multi-precision number to be able to hold l digits.
* This function does nothing as the number of digits is fixed.
*
@ -4739,9 +4740,10 @@ int sp_grow(sp_int* a, int l)
return err;
}
#endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(HAVE_ECC)
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
defined(HAVE_ECC)
/* Set the multi-precision number to zero.
*
* @param [out] a SP integer to set to zero.
@ -4753,7 +4755,7 @@ void sp_zero(sp_int* a)
_sp_zero(a);
}
}
#endif /* !WOLFSSL_RSA_VERIFY_ONLY */
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
/* Clear the data from the multi-precision number, set to zero and free.
*
@ -5166,8 +5168,8 @@ int sp_cmp(const sp_int* a, const sp_int* b)
* Bit check/set functions
*************************/
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (defined(WOLFSSL_SP_MATH_ALL) && \
defined(HAVE_ECC))
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
(defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC))
/* Check if a bit is set
*
* When a is NULL, result is 0.
@ -5195,7 +5197,8 @@ int sp_is_bit_set(const sp_int* a, unsigned int b)
return ret;
}
#endif /* WOLFSSL_RSA_VERIFY_ONLY */
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) ||
* (WOLFSSL_SP_MATH_ALL && HAVE_ECC) */
/* Count the number of bits in the multi-precision number.
*
@ -5424,6 +5427,8 @@ int sp_2expt(sp_int* a, int e)
* Digit/Long functions
**********************/
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || !defined(NO_DH) || \
defined(HAVE_ECC)
/* Set the multi-precision number to be the value of the digit.
*
* @param [out] a SP integer to become number.
@ -5454,6 +5459,7 @@ int sp_set(sp_int* a, sp_int_digit d)
return err;
}
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || defined(OPENSSL_EXTRA)
/* Set a number into the multi-precision number.
@ -5507,8 +5513,9 @@ int sp_set_int(sp_int* a, unsigned long n)
}
#endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
(defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_DH))
#if defined(WOLFSSL_SP_MATH_ALL) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
!defined(NO_DH) || defined(HAVE_ECC)
/* Compare a one digit number with a multi-precision number.
*
* When a is NULL, MP_LT is returned.
@ -7559,8 +7566,8 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
* Shifting functoins
********************/
#if !defined(NO_DH) || defined(HAVE_ECC) || (defined(WC_RSA_BLINDING) && \
!defined(WOLFSSL_RSA_VERIFY_ONLY))
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
/* Left shift the multi-precision number by a number of digits.
*
* @param [in,out] a SP integer to shift.
@ -8265,6 +8272,9 @@ int sp_mod(const sp_int* a, const sp_int* m, sp_int* r)
#endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(HAVE_ECC) || !defined(NO_RSA)
/* START SP_MUL implementations. */
/* This code is generated.
* To generate:
@ -11266,6 +11276,8 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
}
/* END SP_MUL implementations. */
#endif
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
defined(WOLFCRYPT_HAVE_ECCSI) || \
(!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || defined(OPENSSL_ALL)
@ -16014,8 +16026,9 @@ int sp_sqr(const sp_int* a, sp_int* r)
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH)
#if defined(WOLFSSL_SP_MATH_ALL) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || defined(HAVE_ECC)
/* Square a mod m and store in r: r = (a * a) mod m
*
* @param [in] a SP integer to square.
@ -16739,20 +16752,21 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
#else
/* Construct digit from required number of bytes. */
for (i = inSz-1; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) {
a->dp[j] = ((sp_int_digit)in[i - 0] << 0);
a->dp[j] = ((sp_int_digit)in[i - 0] << 0)
#if SP_WORD_SIZE >= 16
a->dp[j] |= ((sp_int_digit)in[i - 1] << 8);
| ((sp_int_digit)in[i - 1] << 8)
#endif
#if SP_WORD_SIZE >= 32
a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) |
((sp_int_digit)in[i - 3] << 24);
| ((sp_int_digit)in[i - 2] << 16) |
((sp_int_digit)in[i - 3] << 24)
#endif
#if SP_WORD_SIZE >= 64
a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) |
| ((sp_int_digit)in[i - 4] << 32) |
((sp_int_digit)in[i - 5] << 40) |
((sp_int_digit)in[i - 6] << 48) |
((sp_int_digit)in[i - 7] << 56);
((sp_int_digit)in[i - 7] << 56)
#endif
;
j++;
}
#endif
@ -17536,11 +17550,6 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
#else
((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
#endif /* LITTLE_ENDIAN_ORDER */
/* Set mandatory low bits
* - bottom bit to make odd.
* - For BBS, second lowest too to make Blum integer (3 mod 4).
*/
r->dp[0] |= low_bits;
#ifdef BIG_ENDIAN_ORDER
/* Bytes were put into wrong place when less than full digit. */
@ -17554,6 +17563,11 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
r->dp[r->used - 1] &= ((sp_int_digit)1 << bits) - 1;
}
#endif /* WOLFSSL_SP_MATH_ALL */
/* Set mandatory low bits
* - bottom bit to make odd.
* - For BBS, second lowest too to make Blum integer (3 mod 4).
*/
r->dp[0] |= low_bits;
/* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance
* of a 1024-bit candidate being a false positive, when it is our

33
wolfssl/certs_test.h
View File

@ -8320,6 +8320,39 @@ static const unsigned char dh_g[] =
0x02,
};
/* dh2048 p */
static const unsigned char dh2048_p[] =
{
0xB0, 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 0xBC,
0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, 0xEF, 0x4A, 0xC6,
0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, 0x0A, 0x5C, 0x91, 0xDD, 0xA2,
0xC2, 0x94, 0x84, 0xBF, 0x7D, 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A,
0xC5, 0xBE, 0x72, 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07,
0x85, 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, 0x3D,
0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, 0xD1, 0x17, 0x46,
0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, 0x39, 0x6D, 0x30, 0x8D, 0x2A,
0xF3, 0x94, 0xD3, 0x75, 0xCF, 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A,
0x70, 0x05, 0xAA, 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38,
0x50, 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, 0xAE,
0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, 0x12, 0x7E, 0x5A,
0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, 0xCC, 0x16, 0x30, 0xDB, 0x0C,
0xFC, 0xC5, 0x62, 0xA7, 0x35, 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36,
0xF6, 0xD9, 0xC9, 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA,
0x6C, 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, 0x48,
0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, 0x30, 0x07, 0x48,
0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, 0xE3, 0x48, 0xD3, 0x58, 0x4B,
0xA6, 0xB9, 0xCD, 0x29, 0xBF, 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F,
0x5C, 0x6B, 0xD6, 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B,
0xBB, 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 0x7E,
0xAF, 0x00, 0x3F, 0x93
};
/* dh2048 g */
static const unsigned char dh2048_g[] =
{
0x02,
};
#if defined(HAVE_ED25519)
/* ./certs/ed25519/server-ed25519.der, ED25519 */

2
wolfssl/wolfcrypt/sp_int.h
View File

@ -398,7 +398,7 @@ typedef struct sp_ecc_ctx {
#define SP_INT_BITS 521
#elif !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
/* wc_PKCS12_PBKDF_ex() */
#define SP_INT_BITS WC_MAX_DIGEST_SIZE * 8
#define SP_INT_BITS (64 * 8)
#else
#define SP_INT_BITS 128
#endif